The University of Texas M.D. Anderson Cancer Center announced last Friday that it had yet another data breach this year. According to the Houston Chronicle, on the 13 July, an unencrypted thumb drive containing the names, birth dates, medical record numbers, and health information on 2200 patients had been lost by a medical student on a shuttle bus. The only "good news" is that the thumb drive did not contain anyone’s Social Security information or financial data.

In April, an unencrypted laptop containing information on some 30 000 M.D. Anderson Cancer Center patients was stolen from a faculty member’s home. The information included patient names, Social Security numbers, as well as detailed medical information on at least 10 000 patients, the Chronicle reported. As a result of the theft, the Cancer Center embarked on encrypting the information on over 26 000 computers.

What is interesting is that back in November of 2006, the Chronicle reported on a laptop that contained patient insurance claim information (including "patients' names, policy numbers, Social Security numbers, dates of birth, ZIP codes, medical procedures, and dates of service") on 4000 M.D. Anderson patients being stolen out of the home of an employee of PricewaterhouseCooper. The PWC employee was involved in reviewing patient insurance claims.

In the latter case, the information on the laptop was strongly encrypted. For whatever reason, the security executives at M.D. Anderson didn’t take that incident as a warning that maybe they should do the same for their own laptops and thumb drives—an opportunity missed.

BTW, a statement by M. D. Anderson on the latest incident says that it, “deeply regrets that this incident has occurred,” and that it is now buying encrypted thumb drives “for distribution to employees who handle sensitive data.”

According to a records search of the Privacy Rights Clearinghouse, which keeps a running tab on data breaches and the like, so far this year 387 357 medical-related records have been compromised in 68 reported incidents involving lost, discarded or stolen laptop, PDA, smartphone, portable memory device, CD, hard drive, data tape, etc. Last year there were 66 such breaches with 6 130 630 records compromised.

Photo: iStockphoto

The Conversation (0)

Why the Internet Needs the InterPlanetary File System

Peer-to-peer file sharing would make the Internet far more efficient

12 min read
Horizontal
An illustration of a series
Carl De Torres
LightBlue

When the COVID-19 pandemic erupted in early 2020, the world made an unprecedented shift to remote work. As a precaution, some Internet providers scaled back service levels temporarily, although that probably wasn’t necessary for countries in Asia, Europe, and North America, which were generally able to cope with the surge in demand caused by people teleworking (and binge-watching Netflix). That’s because most of their networks were overprovisioned, with more capacity than they usually need. But in countries without the same level of investment in network infrastructure, the picture was less rosy: Internet service providers (ISPs) in South Africa and Venezuela, for instance, reported significant strain.

But is overprovisioning the only way to ensure resilience? We don’t think so. To understand the alternative approach we’re championing, though, you first need to recall how the Internet works.

Keep Reading ↓Show less